QUESTION 61Your company has a private cloud that is managed by using a System Center 2012 Operations Manager infrastructure. You have a distributed application named App1. App1 has the following service level objectives (SLOs):– At least 99.9 percent uptime– No more than 85 percent average CPU utilizationYou need to add the SLOs that monitor the required information to Service Level Tracking. Which SLO or SLOs should you add? (Each correct answer presents part of the solution. Choose all that apply.)

Answer: ACExplanation:http://technet.microsoft.com/en-us/library/hh230719.aspxTo define a service level objective for an application Open the Operations console with an account that is a member of the Operations Manager Administrators user role.Click Authoring.In the navigation pane, expand Management Pack Objects, and then click Service Level Tracking.In the Tasks pane, click Create.In the Service Level Tracking dialog box, type a name for the service level that you are defining. For example, type LOB Application 1. Optionally, you can provide a description. Click Next. On the Objects to Track page, under Targeted class, click Select. In the Select a Target Class dialog box, select a class for the service level, such as Distributed Application, from the list in the text box. You can search for a class by typing its name into the Look For text box. Click OK to close the Select a Target dialog box. You can use the Scope option to specify the scope for the service level. The default selection is to use all objects of the targeted class.Select the management pack that this service level will be saved in. You can use an existing management pack or create a new one.Click Next.On the Service Level Objectives page, click Add, and then click Monitor state SLO to create a new monitor.This monitor will track the availability of the application.Define the state monitor as follows:In the Service level objective name text box, type a name for the service level objective. For this scenario, type Availability.From the Monitor drop-down list, choose the specific monitor that you want to use to measure the objective. For this scenario, choose Availability.Using the Service level objective goal (%) spin box, provide the numerical measure for your objective. For example, select 99.990 to indicate that your goal is 99.99% availability. You can refine what the monitor tracks to determine availability by selecting or clearing any of the following state criteria:– Unplanned maintenance– Unmonitored– Monitoring unavailable– Monitor disabled– Planned maintenance– WarningClick OK.On the Service Level Objectives page, click Add, and then click Collection rule SLO to create a new collection rule. This rule will track the performance of the application Define the performance collection rule as follows:In the Service level objective name: text box, type a name for the service level objective. For this scenario, type Performance.Under Targeted class, click Select to open the Select a Target Class dialog box. Specify the target class for the rule from the list of targets in the text box. Note that this class must be contained in the distributed application.For this scenario, select the specific class the rule is targeted to, such as Windows Server 2008 Operating System.Under Performance collection rule, click Select to open the Select a Rule dialog box. Specify the performance collection rule to use. For this scenario, choose Collect Processor\ % Processor Time performance counter, and then click OK.Using one of the Aggregation method options, choose one of the following:– Average– Min– MaxUse the Service level objective goal drop-down list to specify either Less than or More than, and enter a value in the adjacent text box. For this scenario, choose Less Than and 80. This indicates that the performance goal is to never exceed 80% processor time.Click OK.On the Service Level Objectives page, click Next.On the Summary page, review the settings, and then click Finish.When the Completion page appears, click Close.

QUESTION 62Your company has a private cloud that is managed by using a System Center 2012 infrastructure. The network contains a Microsoft SharePoint Server 2010 server farm. The server farm is hosted on 20 virtual machines. You deploy a custom solution to the SharePoint server farm. The solution requires that a new Web.config file be deployed to all of the front-end servers. You need to identify which front-end servers have an outdated version of the Web.config file. What should you do?

Answer: DExplanation:Desired configuration management in Configuration Manager 2007 allows you to assess the compliance of computers with regard to a number of configurations, such as whether the correct Microsoft Windows operating system versions are installed and configured appropriately, whether all required applications are installed and configured correctly, whether optional applications are configured appropriately, and whether prohibited applications are installed. Additionally, you can check for compliance with software updates and security settings. http://technet.microsoft.com/en-us/library/bb680553.aspxBy Gol: Typical Microsft question. Should you create a baseline first or just monitor.For me identify = Operations Manager

QUESTION 63Your company has a private cloud that is managed by using a System Center 2012 Virtual Machine Manager (VMM) infrastructure. The infrastructure contains several Hyper-V hosts. You configure VMM to use an update server and to synchronize the updates by using a Windows Server Update Services (WSUS) server. You attempt to verify compliance with the Sample Baseline for Security Updates. You view the console as shown in the exhibit. (Click the Exhibit button.)You need to ensure that you can verify compliance for the Hyper-v hosts. What should you modify?

A. the update classifications of the update serverB. the Assignment Scope of the baselineC. the default configuration providerD. the Network settings of the All Hosts host group

Answer: BExplanation:To add a Windows Server Update Server to VMMIn the VMM console, open the Fabric workspace.On the Home tab, in the Add group, click Add Resources, and then click Update Server. The Add Windows Server Update Services Server dialog box opens. In Computer name, enter the fully qualified domain name (FQDN) of the WSUS server (for example, VMMServer01.contoso.com).Specify which TCP/IP port that the WSUS website listens on for connections (for example, port 8530). Enter credentials for connecting to the WSUS server. The account must have administrator rights on the WSUS server.If necessary, select the Use Secure Socket Layer (SSL) to communicate with the WSUS server and clients check box.Click Add.The WSUS server will be added to VMM, followed by initial synchronization of the updates catalog. Depending on how many update classifications and products you chose when you installed the WSUS server, this operation can take a long time, depending on such factors as network traffic and the load on the WSUS server.To find out the status of the operation, monitor the status of the Add Update Server and Synchronize Update Server jobs in the Jobs window or in the Jobs workspace.NoteAfter you enable update management in VMM, you should manage the WSUS server only through VMM, unless you are using a WSUS server in a Configuration Manager environment. To verify that the WSUS server was added to VMM successfully:In the Fabric workspace, on the Fabric pane, expand Servers, and click Update Server. The results pane should display the WSUS server.In the Library workspace, on the Library pane, expand Update Catalog and Baselines, and then click Update Catalog. The results pane should display the updates that were downloaded during WSUS synchronization.

QUESTION 64Your company has a private cloud that is managed by using a System Center 2012 Operations Manager infrastructure. The network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. The private cloud contains two servers. The servers are configured as shown in the following table.The network segments are separated by a firewall. All of the TCP ports from i to 1024 are allowed on the firewall. You need to ensure that Server2 can send security events to Server1. What should you do?

A. From the firewall, allow TCP 51909 from Network2 to Network1.B. From the firewall, allow TCP 5723 from Network1 to Network2.C. From the firewall, allow TCP 51909 from Network1 to Network2.D. From the firewall, allow TCP 5723 from Network2 to Network1.E. Deploy an SMTP smart host.F. Deploy an Operations Manager gateway server.

Answer: AExplanation:ACS Forwarders Separated from the ACS Collector by a Firewall Because of the limited communication between an ACS forwarder and an ACS collector you only need to open the inbound TCP port 51909 on a firewall to enable an ACS forwarder, separated from your network by a firewall, to reach the ACS collector. http://technet.microsoft.com/en-us/library/bb309575.aspx

QUESTION 65Your company has a private cloud that contains a System Center 2012 Service Manager instance. Service Manager has the Self-Service Portal installed. You create a service offering that contains a single request offering. The service offering provides logged-on users with the ability to add their user account automatically to a group named ServiceGroup1. The company’s security policy requires that an administrator named Admin1 must approve all requests for group membership change. You need to configure the infrastructure to meet the requirements of the company’s security policy.What should you modify?

A. the service offeringB. the service request templateC. the request offeringD. the Service Offering Category list

Answer: BExplanation:http://social.technet.microsoft.com/Forums/en-US/systemcenterservicemanager/thread/c26c16be-464e-4eeba5a7-00136580467aI am brand new to SCSM/SCOrch and am fumbling my way through it. I have finally gotten a runbook successfully created, service request offering completed, and published it to the portal. I filled it out and submitted it on the portal a couple hours ago and it still sits “In progress”. I cannot for the life of me figure out how in the world to approve the request. I assume once I approve it the rest will be completed automatically.Can anyone help? Please?JuiceFor approval you need to add a Review Activity to the Service Request Template at the Activity tab.Marcel Zehner wrote a good blog post about this:News in SCSM12 (Beta) #2 Service RequestsHope this helps.

QUESTION 66Your company has a datacenter in Los Angeles. The datacenter contains a private cloud that is managed by using a System Center 2012 infrastructure. The infrastructure has the System Center 2012 Service Manager Self-Service Portal installed. You create a new service offering. You need to ensure that only three users named Admin1, Admin2, and Admin3 can access the service offering.What should you do?

A. Add the service offering and the request offering to a Service Manager group, and then create a Run As Account.B. Add the Admin1, Admin2, and Admin3 configuration items to a Service Manager group, and then create a Run As Account.C. Add the service offering and the request offering to a Service Manager group, and then create a User Role.D. Add the Admin1, Admin2, and Admin3 configuration items to a Service Manager group, and then create a User Role.

Answer: DExplanation:With Role based security scoping in SCSM there is the possibility to configure a controlled environment for different service roles. A SCSM role profile is a configuration set to define access to objects, views in the console, operations they can perform and members of the role (AD User/Group). SCSM components of a User role are:The security scope: Is the security boundary in SCSM. Boundaries can be set on Group/queue, Class, Property & relationships.UI filter scope: This filter is for defining what an operator can see in the SCSM console. Limiting the options visible in the console improves the usability. UI filters can be set on console tasks, templates and views.User role profile: SCSM includes some predefined user profiles who include a set of allowed operations with a class/property/relationship scope over objects. User Assignment: The members of the user role in SCSM. This can be set for users or groups.(Always recommended to use groups)http://scug.be/scsm/2010/03/21/service-manager-role-based-security-scoping

QUESTION 67Your company has a private cloud that is managed by using a System Center 2012 infrastructure. The network contains a Virtual Machine Manager (VMM) infrastructure and an Operations Manager infrastructure. You create and deploy a three-tier service to VMM. You plan to view service diagrams in Operations Manager. You need to identify which management packs must be imported to Operations Manager for the planned diagrams. The solution must minimize the number of imported management packs. Which management packs should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

QUESTION 68Your company has a private cloud that is managed by using a System Center 2012 Operations Manager infrastructure. The network contains two network segments that are separated by a firewall. You have a management server named Server1. You create a discovery rule and configure the rule to discover SNMP devices. You discover that only the devices on the network segment that contains Server1 are discovered. You need to ensure that the devices supporting SNMP on both network segments are discovered. Which firewall port or ports should you allow on the firewall?

QUESTION 69Your company has a private cloud that is managed by using a System Center 2012 Operations Manager infrastructure. The network contains an Active Directory forest named adatum.com. Operations Manager monitors a server named Operations1. Operations1 has a computer account in an organizational unit (OU) name ServerOU1. You create a group named GP1 as shown in the exhibit. (Click the Exhibit button.)You create a rule named OMRule1 that generates an alert when an error is added to the Application log. You target OMRule1 to GP1. You discover that alerts fail to be generated when errors are added to the Application log on Operations1. You need to ensure that an alert is generated when an error is added to the Application log on Operations1. What should you modify?

A. the target of OMRulel1B. the dynamic membership of GP1C. the category of OMRule1D. the explicit membership of GP1

Answer: BExplanation:How does a rule get to an agent?For any particular rule/monitor, OpsMgr will enumerate all instances of the target class and apply the rule to each. If there are no instances of the target class on a particular agent, then the rule will do nothing. It’s that simple.If I can’t target groups, why are they listed when I select a target for a rule? Groups are classes just like any other. They’re singleton classes where the class and the instance are one and the same, but they are classes nonetheless which is why they show up in the list with all other classes. There are really very few circumstances where you will target a rule at a group though.What if I do target a group?You can apply a rule/monitor directly to a group, but it will execute against the group object itself. OpsMgr will not enumerate members of the group and apply the rule to each. Any rules targeted at groups will actually operate on the Root Management Server since groups have no host and unhosted objects are managed by the RMS.How do I target some group of objects then?To the specific question of how to get a particular rule/monitor to a subset of components, you have two basic options. Let’s say for example, you have a particular subset of web sites that you need a particular rule to apply. You could target that rule at the IIS 2003 Web Site class for example, but that would apply the rule to all instances of that class. It would probably apply to sites that you didn’t want.Option 1 would be to create a new class and target the rule at the class. In the case of an IIS site, this would mean that you would need to go to the Authoring Console or raw XML and create a new class and discovery.That’s a more advanced solution that most customers will do and probably overkill anyway. Option 2 is the create a rule target at the whole class and disable it. Create a group with the sites you want and create an override for that group to enable your rule. This might sound like a workaround, but it’s a completely valid solution.How do I know if I’m selecting the right target?The easiest method to validate you are using a target that actually has instances is to use the Discovered Inventory view in the Operations Console prior to creating your rule/monitor. In the Actions pane is an option called “Change target type…” that will bring up the same Select a Target Type dialog box that you see when you select the target for a rule/monitor. This view will list all instances of the target class you select. You can validate which agents have an instance of that class and how many instances each has. If there are no instances listed, then the rule isn’t going to do anything. If there are instances, then you not only be confident that the rule/monitor will execute on the agent, but you can also view the properties of the instance that will be accessible to any rules/monitors targeted at it.http://blogs.technet.com/b/brianwren/archive/2007/08/22/targeting-rules-and-monitors.aspx NOTE: The text below was copied from a duplicate questionhttps://social.technet.microsoft.com/wiki/contents/articles/7205.operations-manager-dynamicgroup-examples.aspxOperations Manager Dynamic Group ExamplesIn Operations Manager, groups are logical collections of objects, such as Windows-based computers, hard disks, or instances of Microsoft SQL Server. Groups are populated by explicitly adding objects to the group or dynamically according to criteria you set. For more information on the use of groups, see Creating and Managing Groups in the Operations Guide. This article provides example of group definitions. The examples describe the items to select in the Query Builder and the resulting formula:

QUESTION 70Drag and Drop QuestionsYour company has a private cloud that is managed by using a System Center 2012 infrastructure. The private cloud contains 200 servers that run Windows Server 2008 R2. All of the servers are managed by Operations Manager. The private cloud contains an application named App1 that is deployed on-demand to several servers. The servers that run the application are identified by a registry value set during the application’s installation. You create a monitor that targets all of the servers. You need to modify the monitor to only affect the servers that have the application installed. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)Answer: Explanation:In Operations Manager 2007, you can create attributes to define a commonality within a group of objects that you want to monitor. After you create an attribute, you can create a group whose members are only objects that have the commonality described in your attribute. For example, if you want to monitor a set of servers that all have a common registry value, you create an attribute based on that registry value. To find the servers that have that registry value, you create a group that has a dynamic inclusion rule for only those servers that have the newly created attribute and target the group only to the server object type. Operations Manager then checks the registry of each server to see whether that registry value exists. If it does, that server is added as a member of the group.When you create an attribute, you must select an object type as a target for it. Operations Manager adds the new attribute to the existing list of attributes for that object type. If the target you select is from a sealed management pack, the object type also is sealed and the new attribute cannot be added. Instead, Operations Manager creates a new object type to which it adds the new attribute. By default, this new object type is named after the original object type with _Extended appended to the original name. This new object type contains all the attributes of the original object type, in addition to the attribute you are creating. You can view existing attributes in the Monitoring area of the Operations console. If the attributes are defined within a sealed management pack, you can view the properties of the attribute but you cannot change them. The properties of an attribute include information about where the attribute information is stored, such as the registry or through WMI. You can create a new attribute for any monitored object, and you can change most of the properties of an attribute that you create. However, the Attribute Type property, which identifies the source of the attribute information such as the registry, cannot be changed after an attribute is created. http://systemscenter.ru/opsmgr2007.en/html/26d205e5-a26b-416e-93ae-9f33fe156311.htm